Total
2036 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-7216 | 1 Lty628 | 1 Aidigu | 2025-07-13 | 7.3 High |
| A vulnerability, which was classified as critical, was found in lty628 Aidigu up to 1.8.2. This affects the function checkUserCookie of the file /application/common.php of the component PHP Object Handler. The manipulation of the argument rememberMe leads to deserialization. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-52724 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in BoldThemes Amwerk allows Object Injection. This issue affects Amwerk: from n/a through 1.2.0. | ||||
| CVE-2025-52827 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 8.8 High |
| Deserialization of Untrusted Data vulnerability in uxper Nuss allows Object Injection. This issue affects Nuss: from n/a through 1.3.3. | ||||
| CVE-2025-52826 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 8.8 High |
| Deserialization of Untrusted Data vulnerability in uxper Sala allows Object Injection. This issue affects Sala: from n/a through 1.1.3. | ||||
| CVE-2025-52725 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in pebas CouponXxL allows Object Injection. This issue affects CouponXxL: from n/a through 3.0.0. | ||||
| CVE-2025-28970 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in pep.vn WP Optimize By xTraffic allows Object Injection. This issue affects WP Optimize By xTraffic: from n/a through 5.1.6. | ||||
| CVE-2025-6464 | 2 Incsub, Wordpress | 2 Forminator, Wordpress | 2025-07-13 | 7.5 High |
| The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.44.2 via deserialization of untrusted input in the 'entry_delete_upload_files' function. This makes it possible for unauthenticated attackers to inject a PHP Object through a PHAR file. No known POP chain is present in the vulnerable software, which means this vulnerability has no impact unless another plugin or theme containing a POP chain is installed on the site. If a POP chain is present via an additional plugin or theme installed on the target system, it may allow the attacker to perform actions like delete arbitrary files, retrieve sensitive data, or execute code depending on the POP chain present. Deserialization occurs when the form submission is deleted, whether by an Administrator or via auto-deletion determined by plugin settings. | ||||
| CVE-2025-52828 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 8.8 High |
| Deserialization of Untrusted Data vulnerability in designthemes Red Art allows Object Injection. This issue affects Red Art: from n/a through 3.7. | ||||
| CVE-2025-39550 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in Shahjahan Jewel FluentCommunity allows Object Injection. This issue affects FluentCommunity: from n/a through 1.2.15. | ||||
| CVE-2024-10942 | 2 Wordpress, Yaniiliev | 2 Wordpress, All In One Wp Migration And Backup | 2025-07-13 | 7.5 High |
| The All-in-One WP Migration and Backup plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 7.89 via deserialization of untrusted input in the 'replace_serialized_values' function. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. An administrator must export and restore a backup in order to trigger the exploit. | ||||
| CVE-2024-30228 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 9.9 Critical |
| Deserialization of Untrusted Data vulnerability in Hercules Design Hercules Core.This issue affects Hercules Core : from n/a through 6.4. | ||||
| CVE-2025-39354 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in ThemeGoods Grand Conference allows Object Injection.This issue affects Grand Conference: from n/a through 5.2. | ||||
| CVE-2025-39356 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in Chimpstudio Foodbakery Sticky Cart allows Object Injection.This issue affects Foodbakery Sticky Cart: from n/a through 3.2. | ||||
| CVE-2024-12742 | 1 Ni | 1 G Web Development Software | 2025-07-13 | 7.8 High |
| A deserialization of untrusted data vulnerability exists in NI G Web Development Software that may result in arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted project file. This vulnerability affects G Web Development Software 2022 Q3 and prior versions. | ||||
| CVE-2024-24551 | 1 Bludit | 1 Bludit | 2025-07-13 | N/A |
| A security vulnerability has been identified in Bludit, allowing authenticated attackers to execute arbitrary code through the Image API. This vulnerability arises from improper handling of file uploads, enabling malicious actors to upload and execute PHP files. | ||||
| CVE-2024-56058 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in Gueststream VRPConnector allows Object Injection.This issue affects VRPConnector: from n/a through 2.0.1. | ||||
| CVE-2025-49072 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in AncoraThemes Mr. Murphy allows Object Injection.This issue affects Mr. Murphy: from n/a before 1.2.12.1. | ||||
| CVE-2024-56291 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 8.1 High |
| Deserialization of Untrusted Data vulnerability in plainware.com PlainInventory allows Object Injection.This issue affects PlainInventory: from n/a through 3.1.6. | ||||
| CVE-2024-37502 | 2 Wordpress, Wpweb | 2 Wordpress, Woocommerce Social Login | 2025-07-13 | 5.4 Medium |
| Deserialization of Untrusted Data vulnerability in wpweb WooCommerce Social Login.This issue affects WooCommerce Social Login: from n/a through 2.6.3. | ||||
| CVE-2025-26999 | 1 Metagauss | 1 Profilegrid | 2025-07-13 | 8.8 High |
| Deserialization of Untrusted Data vulnerability in Metagauss ProfileGrid allows Object Injection. This issue affects ProfileGrid : from n/a through 5.9.4.3. | ||||